Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
curl.9200
curl-CVE-2015-3153.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2015-3153.patch of Package curl.9200
From 66efef4ebd1a51a3782028ae46bc83909f49e0f9 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Thu, 23 Apr 2015 15:58:21 +0200 Subject: [PATCH] CURLOPT_HEADEROPT: default to separate Make the HTTP headers separated by default for improved security and reduced risk for information leakage. Bug: http://curl.haxx.se/docs/adv_20150429.html Reported-by: Yehezkel Horowitz, Oren Souroujon --- lib/url.c | 1 + tests/data/test1527 | 2 +- tests/data/test287 | 2 +- tests/libtest/lib1527.c | 1 + 4 files changed, 4 insertions(+), 2 deletions(-) Index: curl-7.37.0/lib/url.c =================================================================== --- curl-7.37.0.orig/lib/url.c 2015-04-29 10:54:11.331036557 +0200 +++ curl-7.37.0/lib/url.c 2015-04-29 10:55:04.481764011 +0200 @@ -580,6 +580,7 @@ CURLcode Curl_init_userdefined(struct Us set->ssl_enable_alpn = TRUE; set->expect_100_timeout = 1000L; /* Wait for a second by default. */ + set->sep_headers = TRUE; /* separatated header lists by default */ return res; } Index: curl-7.37.0/tests/data/test1527 =================================================================== --- curl-7.37.0.orig/tests/data/test1527 2015-04-29 10:54:10.218021326 +0200 +++ curl-7.37.0/tests/data/test1527 2015-04-29 10:54:11.331036557 +0200 @@ -45,7 +45,7 @@ http-proxy lib1527 </tool> <name> -Check same headers are generated without CURLOPT_PROXYHEADER +Check same headers are generated with CURLOPT_HEADEROPT == CURLHEADER_UNIFIED </name> <command> http://the.old.moo.1527:%HTTPPORT/1527 %HOSTIP:%PROXYPORT Index: curl-7.37.0/tests/data/test287 =================================================================== --- curl-7.37.0.orig/tests/data/test287 2015-04-29 10:54:10.218021326 +0200 +++ curl-7.37.0/tests/data/test287 2015-04-29 10:54:11.331036557 +0200 @@ -28,7 +28,7 @@ http HTTP proxy CONNECT with custom User-Agent header </name> <command> -http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2007" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel +http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2015" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel --proxy-header "User-Agent: looser/2007" </command> </client> Index: curl-7.37.0/tests/libtest/lib1527.c =================================================================== --- curl-7.37.0.orig/tests/libtest/lib1527.c 2015-04-29 10:54:10.218021326 +0200 +++ curl-7.37.0/tests/libtest/lib1527.c 2015-04-29 10:54:11.331036557 +0200 @@ -83,6 +83,7 @@ int test(char *URL) test_setopt(curl, CURLOPT_READFUNCTION, read_callback); test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L); test_setopt(curl, CURLOPT_INFILESIZE, strlen(data)); + test_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_UNIFIED); res = curl_easy_perform(curl);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor